
26 Sep 2014, 11:07 p.m.
On Sat, Sep 27, 2014 at 12:55:30AM +1000, Russell Coker wrote:
> #!/bin/bash
> echo ok
>
> I created a script named zz with the above contents. I ran the following test using bash 4.2+dfsg-0.1 from Debian/Wheezy (the unfixed version) and got an unexpected SEGV.
>
> # ORIG="() { :;} ; touch /tmp/ohno" ./zz
> /bin/bash: touch: No such file or directory
> Segmentation fault

The segfault goes away if you start the script "#!/bin/bash -p". Does that mean such scripts defeat the exploit?

I always used to start my scripts that way to avoid inheriting functions from the environment; but I stopped exporting functions a while ago...

Cheers ... Duncan.